Make mbedtls_ssl_check_cert_usage() work for 1.3

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-08-01 10:06:53 +03:00 · 2024-08-09 11:49:12 +02:00
parent 96a0c5c48e
commit 4938b693f3
4 changed files with 33 additions and 31 deletions
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -756,7 +756,9 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
         * and decrypting with the same RSA key.
         */
        if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info,
-                                         MBEDTLS_SSL_IS_CLIENT, &flags) != 0) {
+                                         MBEDTLS_SSL_IS_CLIENT,
+                                         MBEDTLS_SSL_VERSION_TLS1_2,
+                                         &flags) != 0) {
            MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
                                      "(extended) key usage extension"));
            continue;